Category Archives: ODI

OBIEE is released – Improved UI and features

Oracle has released new OBIEE and available for download. Some highlights of the new features in this version are:

  • Improved installer
  • NOT supported on 32-bits Operating Systems.
  • Better Administration Features: New monitoring operations via Mbeans,additional information in Usage Tracking tables, new INSTANCECONFIG.xml and NQSCONFIG.INI settings
  • Improved Aggregate Persistence wizard to generate the aggregates with levels auto-correct and etc.
  • Selection Steps & Hierarchical columns can be override with the initialization blocks with its initialization string written in JSON syntax.
  • New light weighted UI Skin: Skyros, Similar to Oracle BI Cloud Service
  • HTML5 output is supported and can be configured as default output format. So flash limits will not stop your analysis on any devices.
  • More settings to configure the exports: columns formatting, Width, No.of rows etc..
  • Ability to save calculated column to reuse in other analysis
  • Better and simple UI (skin & Style) customization with a centralized master CSS and images in one directory.
  • Improved Scheduler WebService methods gives more flexibility to manage the OBIEE Agents programmatically.

And many more can be found in New Features document:


Download at:
New intuitive Documentation Link:
System Certification Matrix:

Shiva Molabanti


Tags: , ,

Oracle Business Intelligence Cloud Service (BICS) – Overview

Oracle has release new Oracle has introduced Oracle Business Intelligence Cloud Service (BICS) and now it is GA and available for subscriptions. Now With the advent of Oracle BICS, You can bring critical analytics to those who need them and can use the information to improve business operations when it counts, and not have to learn of problems weeks and even months after they appear, as is the case with many traditional BI systems. And Over the past few weeks I have been participated in Oracle BICS beta program. And, evaluated various real world scenarios and possible deployment options.

Introduction to Oracle BICS

The Oracle Business Intelligence Cloud Service (BICS), a part of Oracle Analytics Cloud, which offers the most comprehensive analytics cloud suite on the planet. With built-in mobile capabilities, Oracle BI Cloud Service helps speed and improve decision-making across the organization by lowering the barrier to entry for users providing secure, comprehensive information access with the simplicity and cost-effectiveness of the cloud.

Oracle BICS is the industry’s first BI platform in the cloud that makes analytics available to everyone, from the workgroup to the enterprise. BI Cloud Service endues users of any skill level, from any department, to easily combine data from diverse sources and quickly create rich, interactive analytic applications and reports.

Why Oracle BICS?

  • Multi-tenant OBI
  • Based on Oracle’s proven BI technology, it helps users to quickly create rich, interactive data-driven insights and data visualizations to users throughout an organization.
  • Integrated with industry-leading Oracle Database Cloud (At this moment, this is a Schemas-as-Service).
  • BICS is optimized for the cloud and empowers users to combine data from diverse sources, including other cloud solutions, as well as on-premises and third-party applications. There are multiple ways to load data, from importing files self-service to ongoing data integrations, including web-based file loading, direct queries, ETL integrations, a REST API, and more.
  • Built-in Mobile capability. It provides better support for device-delivered information, such as to dashboards or reports intended for smartphones and tablets.
  • The service simplifies both the preparation of data for reporting and the creation, management, and deployment of analyses. The service offers many self-service capabilities such as loading your data and creating reports for your line of business.
  • Most importantly, it is secured with industry’s highest level security standards (SSAE 16 Type II Certified).
  • 99.5% Availability.
  • SaaS model – Oracle Managed Patching and upgrades (you don’t need to chase the patches. now they are just automatic for you).
  • The Oracle BI Cloud Service is offered as-a-service subscription model rather than a huge one-time purchase cost. So customers can deploy this right away, to small groups, business departments, or the entire organization, with no capital costs.


The new Oracle BICS has togged with all the features of OBIEE 11g and newfangled cloud-native developer tools to model, integrate and analyze your data. Currently BICS does not include other OBIEE components: BI Publisher, Delivers, Essbase, Smart View, MapViews or Invoke Actions.

  • Proven Rich Reporting platform based on OBIEE Dashboards
  • Powerful Analysis platform based on OBIEE Answers
  • Mobile ready support based on OBIEE Mobile HD
  • Browser based thin Data modeling (RPD gone to cloud)
  • Seeded Time Dimension
  • Variety of Data Integration Options:
    • BICS Data Loader: Simple File upload
    • BICS REST API*: Recommended for ETL integration
    • SQL Developer: Interactive data loading and administration
    • DBCS REST API: Define your own custom API
    • PL/SQL Data Import: Generic Web Services data import
  • Intuitive Security and Administration
  • A fresh, lighter weight UI with new Skin & Style called “Skyros”: Skyros leverage’s the newest standard in page stylesheets, CSS3, and is less image-based than the earlier FusionFX-simple skin, improving speed, flexibility, and consistency. As you can see in the screenshots below, this includes changes to things like borders & gradients in all pages. It is also easier to customize, for example all colors have been organized into related anchor and derivative groups, making extensive changes much easier


Oracle BI Cloud Service allows users of all technical levels to quickly and easily create meaningful analytic applications by providing a service that is:

  • Quick to start: With simple, wizard-driven data import and data model introspection, business users can build analyses, BI applications, or data mashups, without any programming or specialized analytics skills.
  • Easy to adopt: An interactive user interface with integrated guidance and tutorials improves productivity and adoption. Users with prior knowledge of Oracle BI can utilize the service right away, without retraining. Cloud-based industry best practices will also be included.
  • Mobile: Built-in mobile capabilities offer analysis on-the-go, including touch, drill, and interact features, with no additional development necessary. Additionally, Oracle BI Cloud Service is equipped for offline use, with fine-grained security to manage access and visibility.
  • Flexible: For more custom queries and data-loading choices, users can leverage programming interfaces for deeper integration.

How secure is the Oracle BICS?

1. Identity

Oracle BICS is built on Oracle’s Identity Management platform. And BICS is multi-tenant and so every subscription is identified with its Identity Domain. The Identity Domain specifies the Company tenant ID.

When a user registers, their account and credential information is stored in Oracle Internet Directory. When a user has access to several services across Oracle cloud, the single sign-on is handled by Oracle Access Manager. When a user account is disabled, it can be disabled across all services. The Identity Management is part of the Common Services layer and secures Oracle Public Cloud services.

2. Data

And Data is stored in the Oracle Database Cloud Service which is hosted in the Oracle Public Cloud. The Oracle Database is well-known for its data security, and the Oracle Cloud keeps your data completely isolated from that of other companies. Oracle Cloud services also offer market-leading security features – including encryption, virus scan and whitelist support. Oracle Cloud data centers offer embassy-grade physical and logical security. The services employ management controls, operational controls, and technical controls and are aligned with the security framework of ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), specifically ISO/IEC 27002:2005, Code of Practice for Information Security Management and ISO/IEC 27001:2005 standards.

Lastly, BICS greatly reduces Administration efforts:

With Oracle BI Cloud, organizations can reduce the costs and resources required to deploy analytic applications, while retaining comprehensive governance of the data pipeline. Benefits include:

  • Scalability: The cloud-based model allows organizations to add new users and applications as requirements change.
  • Availability: Oracle Cloud delivers high availability, while Oracle optimizes speed by offloading analytic workloads to the cloud.
  • Security: Data and BI applications are part of the Oracle Cloud, which meets the industry’s highest security standards and is completely owned and operated by Oracle, helping ensure data does not travel to third parties.
  • Simplicity: Oracle manages patching and upgrade cycles, further freeing up IT resources and ensuring immediate availability of the latest capabilities.
  • Elasticity: The service offers the power of the Oracle Database and sophisticated Oracle BI capabilities to support current and future comprehensive analytic needs.

Subscription and Pricing:

We can subscribe Oracle BICS monthly. Each subscription has been offered with two independent environments (Pre-Prod and Production) with separate Database and BI Service.

The Pricing information can be found at

Shiva Molabanti


Tags: , , , , , , , , , , , , , , , ,

SAML – A go-to tool for Enterprise – Cloud Applications Security

What is SAML?

SAML is the XML-based Security Assertion Markup Language being standardized at OASIS. SAML enables Single Sign-On and other security scenarios, and provide details about the authentication, attribute, and authorization information between security domains. SAML has the specific XML-based protocol by which security information can be transported securely across domains from SAML Authorities i.e. Identity Provider and the SAML Consumers i.e. Service Providers.

The SAML 2.0 is the latest ratified OASIS standard.


The SAML architecture is surrounded with the following actors:

Identity Provider (IdP): An Identity Provider (IdP), also known as Identity Assertion Provider, is responsible for issuing identification information for all providers looking to interact / service with the system in any possible way, this is achieved via an authentication module which verifies a security token as an alternative to explicitly authenticating a user within a security realm.

An example of this could be, where an external website allows users to log in with Facebook credentials, Facebook is acting as an identity provider. Facebook verifies that the user is an authorized user and returns information to the external site such as username and email address (specific details might vary). Similarly, if a site allows login with Google or Twitter, Google and Twitter are acting as the identity provider.

Service Provider (SP): A Service Provider (SP), also known as consumer of SAML assertions. Basically, A Service Provider means your application/resource who wants to be SSO with SAML federated services.

An example of this could be OBIEE,, Tableau and NetSuite etc…

How does SAML Work?

At its core, SAML is a series of XML-based messages that detail whether a person has authenticated, and frequently information about that person. SAML is primarily used for SSO between organizations and websites that are “external” to the organization. However, it can be used just as well for internal SSO applications.

The three main components of the SAML specification are:

  1. Assertions – The two most commonly usedSAML assertions:
    • Authentication assertions are those in which the user has proven his identity.
    • Attribute assertions contain specific information about the user, such as an email and phone number.
  2. Protocol – This defines the way that SAML asks for and gets assertions, for example, using SOAP over HTTP.
  3. Binding – This details exactly how SAML message exchanges are mapped into SOAP exchanges.

The assertions are exchanged among sites and services using the protocol and binding, and those assertions are what authenticates users among sites.

Why is SAML Used? And how it is related to Cloud?

The Users authenticate to the enterprise, but resources are increasingly moving to the cloud. How do we allow users to securely access resources spread across multiple providers without spreading user credentials too?


The simple answer is, Of course, SSO. There are many ways to achieve single sign-on, and as organizations use an increasing number of cloud applications, support for various methods of single sign-on became too expensive and time consuming.  SAML 2.0, the newest version currently in use, borrows protocols and intellectual property from a number of the most secure frameworks to standardize SSO across all enterprise cloud applications.

It enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. Which means we can configure all applications in an organization including Cloud and On-Premise apps with SAML to allow users to login seamlessly without punching login credentials multiple times.

A schematic diagram of SAML SSO for Cloud and Enterprise Applications:


What are the benefits of SAML?

SAML provides the following benefits with supporting multiple protocols can provide an enterprise-wide, architecturally sound Internet SSO solution.

  • Platform neutrality: SAML abstracts the security framework away from platform architectures and particular vendor implementations. Making security more independent of application logic is an important tenet of Service-Oriented Architecture.
  • Secured: Web applications with no passwords are virtually impossible to hack, as the user must authenticate against an enterprise-class IdM first, which can include strong authentication mechanisms. And also User passwords never cross the firewall, since user authentication occurs inside of the firewall and multiple Web application passwords are no longer required.
  • Built-in Gateway: “SP-initiated” SAML SSO provides access to Web apps for users outside of the firewall. If an outside user requests access to a Web application, the SP can automatically redirect the user to an authentication portal located at the Identity Provider. After authenticating, the user is granted access to the application, while their login and password remains locked safely inside the firewall.
  • Loose coupling of directories: SAML does not require user information to be maintained and synchronized between directories.
  • Improved online experience for end users: SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. In addition, identity federation (linking of multiple identities) with SAML allows for a better-customized user experience at each service while promoting privacy.
  • Reduced administrative costs for service providers: Using SAML to “reuse” a single act of authentication (such as logging in with a username and password) multiple times across multiple services can reduce the cost of maintaining account information. Centralized federation provides a single point of Web application access, control and auditing, which has security, risk and compliance benefits.
  • Risk transference: SAML can act to push responsibility for proper management of identities to the identity provider, which is more often compatible with its business model than that of a service provider

SAML usecase:

SAML developed three “use cases” to drive its requirements:

  • Single sign-on (SSO)
  • Authorization service
  • Back office transaction

The following process explains how a user logs into a hosted Service Provider application/resource through a partner-operated, SAML-based SSO service:


  1. A user first accesses a resource hosted by a web server (the Service Provider) that has SAML content protection enabled.
  2. The SP resource/application generates a SAML authentication request. The SAML request is encoded and embedded into the URL for the partner’s SSO service. The RelayState parameter containing the encoded URL of the SP application that the user is trying to reach is also embedded in the SSO URL. This RelayState parameter is meant to be an opaque identifier that is passed back without any modification or inspection.
  3. The SP application sends a redirect to the user’s browser. The redirect URL includes the encoded SAML authentication request that should be submitted to the Partner’s (IdP) SSO service.
  4. The Partner (IdP) decodes the SAML request and extracts the URL for both SP Application’s ACS (Assertion Consumer Service) and the user’s destination URL (RelayState parameter). The partner then authenticates the user. Partners could authenticate users by either asking for valid login credentials or by checking for valid session cookies.
  5. The partner generates a SAML response that contains the authenticated user’s username. In accordance with the SAML 2.0 specification, this response is digitally signed with the partner’s public and private DSA/RSA keys.
  6. The partner encodes the SAML response and the RelayState parameter and returns that information to the user’s browser. The partner provides a mechanism so that the browser can forward that information to SP Application’s ACS. For example, the partner could embed the SAML response and destination URL in a form and provide a button that the user can click to submit the form to SP resource.
  7. The SP Application’s ACS verifies the SAML response using the partner’s public key. If the response is successfully verified, ACS redirects the user to the destination URL.
  8. The user has been redirected to the destination URL and is logged in to SP Applications/resources.


SAML is the oldest federation protocol, has the widest adoption. It has have proven the viability of organizational federated identity. SAML is the paradigm of good SSO breeding. It has emerged as the go-to SSO protocol for business-to-business (B2B) applications and is an important tool in the enterprise security stack.

Shiva Molabanti


Tags: , , , , , , ,

New OBIEE Sample Application V406

Oracle has released a new OBIEE 11G Sample Application V406. it has everything you think of in OBIEE.. like HTML5, Java and ADF visulations and what not…?

Its available to download as a preconfigured VM image.. download a copy at


What is the fresh meat at a glance?







Tags: , , , , , ,

OBIEE 11G configuration’s Maximum Limits

In OBIEE 11G, The instanceconfig.xml file stores the OBI PS configuration settings. Many configuration settings are available in EM and those should be controlled within EM only unless if we disabled centralConfigurationEnabled option. If any particular setting is not available in EM then we should make changes directly in instanceconfig.xml file. There are many situations where we need to change the default OBI configuration settings to a new value.

Interestingly, The OBIEE 11g have the following information on Maximum limits for these configuration settings, in system MBean called “BIDomain.BIInstance.PerformanceConfiguration”. This helps to asses a safe value without guessing.


Be careful when you are setting the Cache attribute values. For implementations under significant stress increase this value to 1000 or a higher value as mentioned below. The main factor that affects its size is the memory consumption.

  • Maximum range of Global Cache storage size (in Megabytes) to use when BI Server cache is enabled – 9,999
  • Maximum number of cache entries; used to tune cache performance – 99,999
  • Maximum size (in Megabytes) for individual server cache entries – 9,999

Data Display/Download:

The Maximum no.of rows that we can set to display/download in the Table/Pivot views. But keep in mind OBIEE is NOT meant to be a tool to extract huge amounts of information.

  • Maximum number of rows of data to include in Table views – 9,999,999
  • Maximum number of rows of data to include in delivered emails – 9,999,999
  • Maximum number of rows to export to excel – 9,999,999


This is the Maximum no.of OBI Components instantiated for the BI Instance within the Oracle Instance when you are scaling out the OBIEE 11G.

  • OBI Presentation Servers – 99
  • OBI Servers – 99
  • OBI Java hosts – 99
  • OBI Cluster Controllers – 2
  • OBI Schedulers – 2

IMHO, this is something every OBIEE Consultant have to know before hand to update the OBI PS configuration settings. I’ll keep this blog post updated with more information I attain and updates from you…

Stay tuned…



Posted by on October 8, 2013 in BI apps, OBI EE, OBIEE 11g, ODI, Weblogic


Tags: , , , , , , ,

New BI Apps documentation (updated)

If anyone planning to install the new OBI Apps, Use the updated document from Oracle @



Tags: , , ,

How to perform a full load in BI Apps

In new BI APPS, the OOB tools (BI Application configuration Manager and Functional setup manager) are really helpful in terms of populating the Domain values automatically. And also it will provide a clear checklist of tasks that should be completed before doing a load. This is really an outstanding work from oracle to minimize the dependency on documentation to configure the BI Apps.

I have outlined the high-level steps to perform a BI Apps Full load into warehouse.

In BIACM (BI Application Configuration Manager): Login to biacm (http://<hostname>:<port>/biacm) and follow these instructions:

  1. Configure the Source System Connection Pool by choosing your Source Product Line and Version.

  2. Select the offerings e.g. Oracle Project Analytics/ Finance Analytics/ etc…

  3. Click on “Perform Functional Configurations” under Functional Configuration Task list and configure the Offerings in Functional Setup Manager (FSM). Here the FSM will provide us a checklist of the tasks we need to do like the list of parameters and other functional settings that we need to setup for a load.

  4. And come back to biacm application and click on “Manage Load Plans” under “Load Plans” Tasks list to create the Load Plans. In BI APPS, we have a provision to separate the Loads into mini batch loads to minimize the applications/database downtimes. Generally, we will create one Domain Load Plan (SDE, SIL) and one Source Extract and Load (SDE, SIL and PLP). But it’s all depends on the Load strategy we define and will create different set of Load plans like SDE, SIL and PLP.

    Domain Load Plan (SDE, SIL): which does extracting the data from Source system and populate the configuration files to load data into

    Source Extract and Load (SDE, SIL and PLP):

  5. Once we created the load plans, save them and generate the Load Plan details. Now click on Execute button to kick off the Load.

Once the Load plan is started, you can monitor the load with tasks by tasks status in ODI Console/ODI Studio. I would prefer the ODI studio as best practice to use to monitor the loads and troubleshooting the issues.

In ODI Studio:

After Load Plan started, Login to ODI Studio with biapps admin username and password, and navigate to Operator, to monitor the load plan with the steps (tasks) those are configured either in sequential or Parallel order for execution. Here you can see the overall Load Plan status by Tasks and also the summary of tasks execution to know how many are in the state of Done/Error/Running/Waiting etc..

We will troubleshoot the failed tasks and after issue fixes we have the ability to start that particular task individually. If any failed task ran successfully after fixes, The ODI will resume the load plan automatically to start next dependent (serial) tasks. Otherwise, we can also resume the Load plan with its “restart from the failure” option.

And also if we feel if the failed task is not a potential failure for the load, then we can “Mark as complete” it like DAC.

Upon Load Plan is successful, the ODI will load data into Warehouse and frees up the work tables where it was doing the transformations.

A sample Screen Shot of BI APPS Oracle Project Analytics Dashboard after a full load using ODI 11g:

Have a great time folks…




Tags: , , , , , , ,